(Adds comment from researchers who discovered a flaw, possible methods for the leaks)
By Raphael Satter, Christopher Bing and Joseph Menn
WASHINGTON, March 10 (Reuters) – At least 10 hacking groups are using newly discovered flaws in Microsoft Corp’s mail server software to break into targets around the world, cybersecurity firm ESET said on Wednesday in a blog post.
The scale of the exploitation adds to the urgency of warnings issued by authorities in the United States and Europe on weaknesses found in Microsoft’s Exchange software.
Security flaws in the widely used email and calendar solution leave the door open for industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or roam elsewhere in the network. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.
Earlier Wednesday, for example, the Norwegian parliament announced that data had been “mined” in a breach linked to Microsoft’s vulnerabilities. Germany’s cybersecurity watchdog also said on Wednesday that two federal authorities had been affected by the hack, although it declined to identify them.
While Microsoft has released fixes, the slow pace of updates from many customers – which experts attribute in part to the complexity of Exchange’s architecture – means the field remains at least partially open to hackers of all stripes. The fixes do not remove any backdoor access that has already been left on the machines.
Additionally, some of the backdoors left on compromised machines have easy-to-guess passwords, so newcomers can take them over.
Microsoft declined to comment on the pace of customer updates. In previous announcements about the flaws, the company has stressed the importance of “fixing all affected systems immediately.”
Although the hack appears to be focused on cyber espionage, experts worry about the prospect of ransom-seeking cybercriminals taking advantage of the loopholes, as it could lead to widespread disruption.
ESET’s blog said there were already signs of cybercrime exploitation, with a group specializing in stealing computer resources to mine cryptocurrency by breaking into previously vulnerable Exchange servers to spread its malware.
ESET has named nine other espionage-focused groups that it says were taking advantage of loopholes to break into targeted networks – several of which have been linked to China. Microsoft blamed the hacking on China. The Chinese government denies any role.
Oddly enough, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.
Ben Read, director of cybersecurity firm FireEye Inc, said he could not confirm the exact details in ESET’s message, but said his company also saw “several presumably Chinese groups” using the loopholes in Microsoft in different waves.
ESET researcher Matthieu Faou said in an email that it was “very rare” for so many different cyber espionage groups to have access to the same information before it was made public.
He speculated that either the information “was disclosed” before Microsoft’s announcement, or that it was found by a third party who supplies vulnerability information to cyber-spies.
Taiwan-based researchers reported to Microsoft on January 5 that they had found two new flaws that needed to be fixed. Those two flaws were among the ones that attackers began to use shortly before or after the friendly report.
They said they were investigating whether there had been a theft or a leak on their end, since exploitation was discovered in the wild that same week. So far, the group, called Devcore, said it had found no evidence.
High-level hackers are also commonly targeted by other hackers. Just this week, Microsoft fixed one of the loopholes used by suspected North Koreans to try to steal information from Western researchers.
But simultaneous discovery happens quite often, in part because researchers use the same or similar tools to look for serious flaws, and many eyes are staring at the same high-value targets.
“It is very likely that certain groups of actors are using these vulnerabilities and have led to the outcome of the attacks observed by other information security providers,” Bowen Hsu, a member of Devcore, told Reuters.
But the security industry has been abuzz with other theories, including hacking into Microsoft’s systems to track bugs, which has happened in the past. (Report by Raphael Satter and Christopher Bing in Washington and Joseph Menn in San Francisco edited by Matthew Lewis and Grant McCool)